nbos

https://git.tonybtw.com/nbos.git git://git.tonybtw.com/nbos.git

1,285 bytes raw

#define _GNU_SOURCE
#include "sandbox.h"

#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/**
 * sandbox_setup() - Build a hermetic sandbox at @sandbox_root.
 * @sandbox_root: Directory the sandbox is constructed under.
 * @deps: Direct build deps of the package being built.
 * @resolved_deps: Resolved entries paralleling the system's pkg list.
 * @src_dir: Source tree to bind-mount as the build root inside.
 *
 * Read-only bind mounts each dep's store path; provides /dev/null,
 * /dev/urandom, fresh procfs, a private tmpfs, and the source tree
 * at /build. No network, no host /home, /etc, or /root.
 *
 * Return: 0 on success, errno value on failure.
 */
int sandbox_setup(
    const char     *sandbox_root,
    const pkg_refs *deps,
    const resolved *resolved_deps,
    const char     *src_dir
) {
    (void)sandbox_root;
    (void)deps;
    (void)resolved_deps;
    (void)src_dir;
    return ENOSYS;
}

/**
 * sandbox_teardown() - Undo a sandbox built by sandbox_setup().
 * @sandbox_root: Directory previously passed to sandbox_setup().
 */
void sandbox_teardown(const char *sandbox_root) {
    if (sandbox_root == nullptr) return;
}

1	`#define _GNU_SOURCE`
2	`#include "sandbox.h"`
3
4	`#include <errno.h>`
5	`#include <fcntl.h>`
6	`#include <sched.h>`
7	`#include <stdio.h>`
8	`#include <string.h>`
9	`#include <sys/mount.h>`
10	`#include <sys/stat.h>`
11	`#include <sys/types.h>`
12	`#include <unistd.h>`
13
14	`/**`
15	`* sandbox_setup() - Build a hermetic sandbox at @sandbox_root.`
16	`* @sandbox_root: Directory the sandbox is constructed under.`
17	`* @deps: Direct build deps of the package being built.`
18	`* @resolved_deps: Resolved entries paralleling the system's pkg list.`
19	`* @src_dir: Source tree to bind-mount as the build root inside.`
20	`*`
21	`* Read-only bind mounts each dep's store path; provides /dev/null,`
22	`* /dev/urandom, fresh procfs, a private tmpfs, and the source tree`
23	`* at /build. No network, no host /home, /etc, or /root.`
24	`*`
25	`* Return: 0 on success, errno value on failure.`
26	`*/`
27	`int sandbox_setup(`
28	`const char *sandbox_root,`
29	`const pkg_refs *deps,`
30	`const resolved *resolved_deps,`
31	`const char *src_dir`
32	`) {`
33	`(void)sandbox_root;`
34	`(void)deps;`
35	`(void)resolved_deps;`
36	`(void)src_dir;`
37	`return ENOSYS;`
38	`}`
39
40	`/**`
41	`* sandbox_teardown() - Undo a sandbox built by sandbox_setup().`
42	`* @sandbox_root: Directory previously passed to sandbox_setup().`
43	`*/`
44	`void sandbox_teardown(const char *sandbox_root) {`
45	`if (sandbox_root == nullptr) return;`
46	`}`